29th Oct 2021

Two Factor Authentication: Putting a Lock on Your Lock

You can never be too careful when dealing with money – especially when it comes to online security and payment processing.

Internet fraud, cyber threats, online scams, eCRIME… these are words that we are all too familiar with today.

Increasingly, however, individuals and businesses are turning to online security tools such as two factor authentication for help. The idea is simple: adding another layer of security can lock fraudsters out of your systems and prevent automated cyber-attacks.

It often feels like you can’t go a day without hearing about cyber-raids on bank accounts or reading about online scammers threatening to leak data unless ransom demands are met.

Undoubtedly, cyber security is the single biggest threat to business today. Back in 2016, a poll of players in the global financial services sector found that Donald Trump – the President Elect at the time – was less of a disruptive threat to global business than cyber risk.

With attacks happening daily, what can we do to avoid these risks?

The answer lies in two-factor authentication (also known as 2FA, two-step verification and multi-factor authentication).

 

cyber-lock-depicting-online-security

With the increasing prevalence of online transactions and virtual workloads, the need for two-factor authentication is higher than ever.

 

How Big is the Threat That 2FA Prevents?

Before we dive deeper into what two-factor authentication is and its role in online security, let’s have a look at some cyber risk statistics.

The UK Government reported in early 2021 that four in ten businesses (39%) and a quarter of charities (26%) reported having cyber security breaches or attacks in the previous 12 months, with the risk of threat increasing among medium-sized and large businesses.

The Covid-19 pandemic, it’s worth noting, has left businesses particularly susceptible to cyber threats, too. For example, fewer businesses are now deploying security monitoring tools (35%, vs. 40% last year) due to the complications of organising software across a geographically-separated workforce.

Not only this, but a reported 47% of individuals fall for phishing scams whilst working from home.

 

What Kind of Security Threats Are There?

We’ve just mentioned scam phishing emails as a significant (and well-known) online security risk, but there are plenty more, sadly.

Let’s cover a few in a little more detail.

  • Password attacks: without two-factor authentication, all a hacker needs is your login details to access a wealth of your information. Criminals can either trick you into revealing your password, access password data bases, or simply guess.
  • Malware: meaning simply malicious software, malware can cover a range of spyware, ransomware and viruses. When a user clicks on a malicious link, malware activates, installing additional harmful software, blocking access to key network components
  • Denial of Service (DoS) attack: a virtual attack designed to flood a network or computer in order to make it temporarily unavailable and unable to respond to requests.
  • Man in the Middle attack: when a hacker inserts themselves into the centre of a transaction, meaning they can steal the data they have interrupted.

 

Two-Factor Authentication – How Can It Help?

We’re all aware, then, of the importance of online security, logins, usernames and passwords.

However, if you were to ask around your office “what is two-factor authentication?”, there’s a good chance you’ll get blank faces staring right back at you – especially if you’re not in the tech industry.

Not many people are aware what it is or how it works, but it’s actually really simple – and most importantly, effective. Based on internal studies conducted by Microsoft, your account is more than 99.9% less likely to be compromised when using two-factor authentication.

 

In Plain English:

Put simply, two-factor authentication is an extra layer of security that requires not only a password and username, but also an additional form of verification that only you exclusively have access to.

Think of your password as a flimsy wooden panel, and 2FA as a large concrete wall behind it. The wooden wall will surely provide basic protection against would-be threats, but won’t cut it for individuals who are serious about breaking it down.

 

two-factor-authentication-diagram-showing-its-different-elements

The security behind two-factor authentication can be predicated on something you know, have, or are.

 

These secondary, exclusive factors can include:

  • Something you know – an additional PIN, password or piece of information
  • Something you have – a device, such as token or card reader that allows you to approve authentication requests
  • Something you are – a unique biometric imprint, such as a fingerprint, iris, voice or face.

Interesting, but how does it work?

Most security procedures require a single form of identity – in most situations this is a simple online security detail, such as a username and password.

A two-factor authentication method on the other hand, uses the same username and password, but it also requires a secondary factor that only the user has access to. This makes it harder for criminals and fraudsters to break the metaphorical lock and access your data and financial records

To use the aforementioned Man in the Middle attack as an example, the data interrupted would no longer be immediately accessible to the hacker, as users are required to submit credentials from a secondary device.

It is worth noting that while popular, SMS-based 2FA is typically no longer recommended as a viable and reliable type of back-up. According to the Director of Identity Security at Microsoft, SMS and voice calls are not only transmitted in cleartext and easily intercepted by determined attackers, but SMS-based one-time codes are also phishable via open source.

 

This Isn’t New, Right?

You’re 100% correct. Two-factor authentication isn’t some new-fangled concept dreamt up by a 10-year-old hacker. It goes back quite a few years.

However, the ubiquity of smart devices – in addition to our increasing dependency on digital services (especially online financial services) and modernising methods of two-factor authentication being made available – has resulted in a recent resurgence.

Good news for us; cyber criminals? Less so.

As more people become educated about two-factor authentication and become privy to using it, the number of identity theft, fraud and hacking cases will begin to drop.

Now wouldn’t that be great?

 

How Can I Help Speed This Up?

Spread the word! Share the love! And embrace two-factor authentication! That is exactly what we’re doing.

Our in-house developers have long-since worked their technical wizardry and added two-factor authentication to the AccessPay platform. For our customers, this means even better online security – at no additional cost.

For a closer look at our services, either check out or recent Platform Showcase or book a demo today.